Facebook shared your data with others – secretly

A recent investigation by The New York Times indicates Facebook may have given access to more data to other companies than it told anyone about.

Is it possible that Facebook has been cheating on millions of its users worldwide and also governments and investigating agencies? A recent investigative report by The New York Times clearly points Facebook has been sharing more “intrusive access to users’ personal data” than it told its users or governments about.

Worse still, Facebook may have been doing this for years now.

TL; DR

Facebook told users and government authorities that it has, without user consent, either not shared data of its users or has stopped sharing data.

Some of the large corporates that have benefited from this data-sharing include Netflix, Microsoft, Amazon, Sony and Yahoo.

Facebook may have used used unfair means to justify this sharing of info.

The New York Times investigation

On December 18, 2018 The New York Times published a well-researched article about how Facebook has been handling users’ data. As per the post, there’s a huge gap between what Facebook tells its users and authorities about the way it shares users’ data and the way it actually does.

Apparently, Facebook has been giving access to its users’ data to some of the largest companies in the world.

Companies that have had access to Facebook users’ data include Amazon, Bing, Sony, Netflix, Spotify, Royal Bank of Canada, Yahoo… Needless to add, this access appears both illegal and unethical.

The list of companies that had access to Facebook users’ data reads eerily like Fortune 500.

What data different companies had access to under special arrangements with Facebook

The New York Times investigation showed that Facebook had made several deals with over 60 brands of smartphones, tables and other devices to let these makes have access to Facebook users’ data. Here’s a list of what kind of data was available to some of them (note that all this, without users’ permission, was illegal):

Microsoft’s search engine Bing to see names of friends of almost all Facebook users, without consent from users

Amazon was given access to users’ name and contact information through friends

Yahoo was allowed to view streams of friends’ posts (Facebook claimed this was stopped much earlier, but this happened this summer)

Spotify could read/write/delete users’ private Facebook messages

Sony could obtain users’ email addresses through their friends

Royal Bank of Canada was allowed to read, write and delete users’ private messages

Yahoo could view real-time feeds of friends’ posts for a feature that Facebook claimed to have stopped in 2011

Apple was given the power to hide from Facebook users that its instruments were asking for users’ data

Rotten Tomatoes had access to data from a Facebook feature that was discontinued

Yandex, the Russian company that is into search engine and ecommerce, enjoyed access to Facebook data

Huwaei, the company that was marked as a security threat by US intelligence, enjoyed special privileges since Facebook listed it as a partner

Why Facebook’s data sharing is serious

Essentially, Facebook allowed the companies mentioned above, and many more, access to users’ data without express permission from users.

Not only that, it appears Facebook had not been fully honest in what it disclosed to authorities.

The biggest reason it is unfair and unethical (and possibly illegal) is this: the companies that were given access to Facebook user’s data were termed partners and were accorded special status. As a result, they were not subjected to extensive privacy program reviews.

In other words, Facebook seemed to have relaxed its rules for these companies.

Here are some other reasons why Facebook’s sharing of data is unfair and unethical:

The data shared is used upon the users themselves in the form of redesigned products or commercials. Either way, the “stolen data” reduces free choice of users.

The models, used by Facebook and Google, begin by assuming that secretly using data is the only way to make money and that no one would pay for their services.

Siphoning away users’s data is a lot like driving a car without license – just because you have access to a car (data) doesn’t mean you can drive it without the right authority (user consent). Even if you’ve hurt no one, you’re still guilty.

It is bringing to life our fears that the moment you step into the online world, you kiss goodbye to your privacy.

Facebook does not provide any auditing services of its partners. As a result, it cannot ensure if the right to be forgotten is to being followed the right way.

Once the data is out of hands of Facebook and into the hands of third-parties, the data collector (Facebook) ceases to have any control over the data. As a result, how the data will be abused becomes unpredictable.

How is Facebook defending its actions

Facebook spokespersons are not sitting silently; they have been issuing their own versions of the truth and offering justifications and explanations.

Here are some of the explanations Facebook is putting up in its own favor:

Facebook has found no evidence of data abuse by its partners.

For most of the partners, Facebook was not required to ask for consent from users. That was because the partners were treated like extensions of Facebook.

Some data, Facebook says, was in case public data and sharing the data did not violate users’ privacy rights.

Facebook had hired PriceWaterhouseCoopers (PwC) to evaluate its data handling practices and PwC has found nothing wrong.